1. Field of the Invention
The invention generally relates to servers storing user-specific state information and, specifically, to network devices such as routers hosting user-specific state information for the purpose of providing personalized content on the World Wide Web.
2. Description of Background Art
On the World Wide Web (i.e. the “web”), it is frequently desirable for websites to store information relating to a specific user and/or user computer. For many applications it is necessary to associate a user computer with context data relating to previous interactions with that same user computer. For example, a user may indicate certain preferences regarding the display of a particular website, and it may be desirable to associate those preferences with the user computer for future visits. However, the standard protocol for transferring web pages, the HyperText Transfer Protocol (HTTP), provides only a very limited capability to store user computer-specific context data across visits.
Known methods for storing user computer-specific context data built into HTTP usually involve storing a small segment of data, called a “magic cookie” or simply “cookie,” on the user computer. Cookies form the building blocks for most user computer-specific context data storage on the web, but they have several serious limitations. Cookies are limited in size, finite in quantity, and can be arbitrarily modified or deleted by the user. They also pose privacy and security concerns, which limit their suitability for storage of many kinds of context data that would be desirable to store. For example, it may be desirable for a website to automatically store a user's personal information for the purpose of facilitating future visits from the same user, but storing the user's personal information in a cookie makes the information potentially vulnerable to disclosure or malicious modification by other programs or websites, yielding an undesirable result.
Other techniques for storing data on the user computer include ASP.NET View State, hidden form fields, and URL query strings. However, all of these techniques are limited in the amount of data they can store, and many of them threaten the security of the user computer when used to store critical data.
To address these concerns, many web servers use cookies (or other techniques) to store index data in the user computer. This index data is then used to retrieve the user computer-specific context data from a database of context data stored at the web server. The user computer-specific context data can be stored securely at the web server while still being uniquely associated with various user computers through use of cookies.
While the technique of using index data contained in cookies to retrieve context data stored at the web server is an improvement over storing context data in cookies directly, it introduces several other problems when put into practice.
Web servers are highly active systems with many processes running in parallel. It is quite common for web servers to crash, freeze, restart, or slow due to high volume of traffic. These events can make the website and any stored context data unavailable for a period of time, and, in some cases, result in the loss of context data entirely.
To alleviate the effect of server failure, it is common for websites to be hosted on multiple web servers. Many websites receive such a high volume of page requests that without hosting them on multiple web servers the response time to page requests would be intolerable. Having multiple web servers reduces the likelihood that the website will become unavailable due to a server failure and increases the overall capability of the system to handle a high volume of page requests. Various techniques for load balancing have been implemented for evenly assigning incoming web page requests to one of an array of web servers. These techniques are designed to smooth the response to page requests despite server delays or failures.
However, load balancing does not address the problem of potential context data loss due to server failure. If context data is stored on a web server that fails, load balancing techniques may be able to continue web service without interruption, but the context data stored on that web server may be lost. Load balancing alone does not protect context data from server loss.
Furthermore, storing context data on web servers hinders load balancing. If the user computer-specific context data is stored on a certain web server, it is necessary that return visits by the user computer be handled by the same web server so as to facilitate retrieval of the context data. Thus the user computer remains associated with a particular web server, even though load conditions may have changed, causing another server to have greater availability of capacity. This static association between a user computer and a web server reduces the effectiveness of load balancing. Load balancing techniques have difficulty assigning page requests to web servers evenly when a large portion of incoming page requests must necessarily be assigned to a specific web server.
Additionally, storing context data on a web server poses challenges for maintaining or upgrading the web server, as context data can persist for long periods of time, and it is not generally known when the return of a certain user computer will necessitate access to certain context data.
Context data can be stored in a context server external to the web server. However, storing context data external to the web server introduces several extra steps. In order to process a request, the web server must receive the request, determine the need for context, request the context data from the external context server, wait for a response, process that response, write the updated context data back to the external state server, and finally return the web request. These extra steps introduce delay, complexity, and the potential for failure.
What is needed is a method for storing and retrieving user computer-specific context data securely and for an indefinite period of time, in a manner that supports redundancy and is compatible with load-balancing techniques, and without adding unnecessary complexity or steps to the method of the web server.